diff options
author | Purushottam Choudhary <Purushottam.Choudhary@kpit.com> | 2021-03-03 16:20:38 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2021-03-09 06:22:09 -1000 |
commit | 8836a56a9f17f238908b7d0e286a6d386f7be290 (patch) | |
tree | 0ae03eb4bc4c150722c6c43849fd4aed41526d3b | |
parent | c65a671d7af64a19bebd45b1c4d02fdf124a1c5a (diff) | |
download | openembedded-core-8836a56a9f17f238908b7d0e286a6d386f7be290.tar.gz |
shadow: whitelist CVE-2013-4235
This CVE is about TOCTOU (time-of-check time-of-use)
race condition when copying and removing directory trees
which had very low severity problem and marked as closed
and won't fix. Therefore whitelisted CVE-2013-4235.
Master, gatesgarth and dunfell all have shadow version 4.81.
Hence, this is applicable for master, gatesgarth and dunfell.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=884658
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b1c6cd87bee6b019619dc5728fd6c36bc87ed696)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-extended/shadow/shadow_4.8.1.bb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/meta/recipes-extended/shadow/shadow_4.8.1.bb b/meta/recipes-extended/shadow/shadow_4.8.1.bb index c975395ff8..ff4aad926f 100644 --- a/meta/recipes-extended/shadow/shadow_4.8.1.bb +++ b/meta/recipes-extended/shadow/shadow_4.8.1.bb @@ -6,5 +6,6 @@ BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'p BBCLASSEXTEND = "native nativesdk" - - +# Severity is low and marked as closed and won't fix. +# https://bugzilla.redhat.com/show_bug.cgi?id=884658 +CVE_CHECK_WHITELIST += "CVE-2013-4235" |